Skill v1.0.0
ClawScan security
Clawdtm Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 15, 2026, 6:07 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (searching, evaluating, and fetching skills from a public advisor API); it is instruction-only and requests no credentials, but installers should still review fetched files before writing/executing them.
- Guidance: This advisor skill appears coherent and does what it says: it queries a public API and returns skill files to write into your workspace. Before installing any fetched skill, manually inspect the returned files (especially install/setup scripts), verify any integrity/signatures if available, and avoid automatically executing scripts. Prefer skills with good security scores and human reviews; do not enable high/critical-risk skills unless you explicitly understand and accept the risks. Be cautious about the fallback 'clawhub install' command — confirm that tool is present and trusted before invoking it.
Review Dimensions
- Purpose & Capability (ok): Name/description match the behavior in SKILL.md: it queries a public API to search and fetch skill files and returns installation instructions. It does not request unrelated credentials or binaries.
- Instruction Scope (note): The instructions tell the agent to fetch skill files from clawdtm.com and write each returned file into ./skills/{slug}/. This is expected for an installer, but the SKILL.md does not require or document integrity checks, signature verification, or sandboxing of fetched files. It also suggests falling back to running an external tool ('clawhub install {slug}') if files are null, which implicitly assumes that tool exists and is trusted.
- Install Mechanism (ok): No install spec or binaries are included; the skill is instruction-only and performs remote HTTP requests to a clearly stated API. This is the lowest-risk install mechanism in the platform model.
- Credentials (ok): The skill declares no required environment variables, primary credential, or config paths. SKILL.md also claims the advisor endpoints are public and need no auth; there is no evidence the skill asks for unrelated secrets.
- Persistence & Privilege (ok): `always` is false and the skill does not request persistent presence or elevated privileges. It does instruct writing files into the agent workspace for installs, which is expected for an installer.
